aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Module/Magic.php1
-rwxr-xr-xboot.php3
-rw-r--r--include/channel.php2
3 files changed, 3 insertions, 3 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index e034f1cdf..be6866592 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -21,7 +21,6 @@ class Magic extends \Zotlabs\Web\Controller {
$owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0);
$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');
-
if($bdest)
$dest = hex2bin($bdest);
diff --git a/boot.php b/boot.php
index 04cb7c24c..e4ef33be6 100755
--- a/boot.php
+++ b/boot.php
@@ -874,11 +874,12 @@ class App {
}
if((x($_SERVER,'QUERY_STRING')) && substr($_SERVER['QUERY_STRING'], 0, 2) === "q=") {
- self::$query_string = escape_tags(substr($_SERVER['QUERY_STRING'], 2));
+ self::$query_string = str_replace(['<','>'],['&lt;','&gt;'],substr($_SERVER['QUERY_STRING'], 2);
// removing trailing / - maybe a nginx problem
if (substr(self::$query_string, 0, 1) == "/")
self::$query_string = substr(self::$query_string, 1);
}
+
if(x($_GET,'q'))
self::$cmd = escape_tags(trim($_GET['q'],'/\\'));
diff --git a/include/channel.php b/include/channel.php
index 59dd60ea2..d7c5a2511 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -1710,7 +1710,7 @@ function zid_init() {
// try to avoid recursion - but send them home to do a proper magic auth
$query = App::$query_string;
$query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query);
- $dest = '/' . urlencode($query);
+ $dest = '/' . $query;
if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest));
}